Cherry-pick #18802 to 7.7: Add missing network.sent_packets_count metric into compute googlecloud #18833
Closed
Conversation
…16846) When dealing with autodiscover & hints, especially, that generate new configurations depending on the discovered workloads, having the `layouts` as part of the debug message is quite useful for checking what the timestamp processor is trying to match against the target field. (cherry picked from commit 9ff5bc3) Co-authored-by: Jorge Luis Betancourt Gonzalez <[email protected]>
) Add dashboards to the Winlogbeat Security module for visualizing User Management events and Group Management events. There are two versions of each dashboard - one with and one without TSVB (time series visual builder) visualizations. This updates the Winlogbeat build to include the dashboards from the module directories. It also adds winlog.event_data.MemberName to the fields.yml because it's used in the user management dashboard and should be in the fields.yml so the dashboards load without error. Co-authored-by: Andrew Kroh <[email protected]> (cherry picked from commit d866824) Co-authored-by: Anabella Cristaldi <[email protected]>
* major refactor to support different systemd version
* format and updates
* update ref docs
* update ref, again
* add newline
* Fix error string Co-Authored-By: Jaime Soriano Pastor <[email protected]>
* add changelog entry
* make update
* add build target
Co-authored-by: Jaime Soriano Pastor <[email protected]> (cherry picked from commit 1d36da7)
(cherry picked from commit 0d45df1) Co-authored-by: Edu González de la Herrán <[email protected]>
This adds metadata to the Windows .exe files that the build produces. This makes our binaries a little more friendly to automation on Windows because you can check the version programmatically with ease. It also makes it easy for end users to inspect some details about the file from the file properties dialog in Windows. Closes #15232 For example:
```
PS C:\vagrant\winlogbeat > (Get-Info .\winlogbeat.exe).VersionInfo | Format-List
OriginalFilename  : winlogbeat.exe
FileDescription   : Winlogbeat ships Windows event logs to Elasticsearch or Logstash.
ProductName       : Winlogbeat
Comments          : commit=8d6cf58f347579188d707421da6b70b2f66701ea
CompanyName       : Elastic
FileName          : C:\vagrant\winlogbeat\winlogbeat.exe
FileVersion       : 8.0.0
ProductVersion    : 8.0.0
IsDebug           : False
IsPatched         : False
IsPreRelease      : False
IsPrivateBuild    : False
IsSpecialBuild    : False
Language          : Language Neutral
LegalCopyright    : Copyright Elastic, License ASL 2.0
LegalTrademarks   :
PrivateBuild      :
SpecialBuild      :
FileVersionRaw    : 8.0.0.0
ProductVersionRaw : 8.0.0.0
```
(cherry picked from commit 695b167)
…16971) (#17048) (cherry picked from commit 0208a25) Co-authored-by: ma-hei <[email protected]>
* Update vendored elastic/ecs to v1.5.0 * Update fields.ecs.yml to v1.5.0 * Fix encoding issue in fields' docs Fields' docs generation is failing in some systems when non-ascii characters appear in the fields descriptions and/or examples. * Patch fields.ecs.yml to avoid parser trouble The fields docs generator was having trouble representing an example as an object in a way that was consistent across different python3 versions due to keys in a dict being serialised to string with different orderings. This caused checks to fail. (cherry picked from commit 76dcd34)
Tests on stats API can finish even before the mocked beat has completed its initialization, so it can receive the signal to stop before it can handle signals, terminating with a status code -15 (killed by SIGTERM), instead of the expected status code 0. Check that the beat has been completely started before trying to kill it, and move common code to setUp/tearDown. Also fix an incorrect error message. (cherry picked from commit 825cf05)
…6990) * Improve ECS field mappings in suricata module
- destination.domain
- dns.question.top_level_domain
- event.category
- event.kind
- event.outcome
- event.type
- related.hash
- related.ip
- rule.category
- rule.id
- rule.name
- tls.client.server_name
- tls.resumed
- tls.server.certificate
- tls.server.certificate_chain
- tls.server.hash.sha1
- tls.server.issuer
- tls.server.ja3s
- tls.server.not_after
- tls.server.not_before
- tls.server.subject
- tls.version
- tls.version_protocol
Closes #16181 (cherry picked from commit 7eb2fba)
Add build tags to AWS and Azure integration tests, and make tests fail if they cannot get a working configuration. Add support for a `TEST_TAGS` environment variable in mage targets that adds additional build tags to go test calls. When `TEST_TAGS` includes a cloud provider, it is expected that valid credentials to run these tests are available in the environment; if not, tests will fail. This is intentional, to avoid skipping tests by mistake due to some misconfiguration in CI. (cherry picked from commit 1345a97)
This PR adds the option to remove files from the vendor folder during `mage update`. `yacc` is triggered from time to time when `mage vendor` copies files in a particular order. It leads to build failures unexpectedly. (cherry picked from commit 9370128)
…16866) (#16893) Switch from Debug to Error when unrecoverable events happen and add extra debug messages when indexing and matching pods. (cherry picked from commit 1d6323f) Co-authored-by: Flavio Percoco <[email protected]>
…18546) Sometimes the mapped source/destination IP field of an event is a hostname instead of an IP address. This caused ingestion of the event to fail. This patch makes the asa-ftd-pipeline to only populate those fields when a valid IP address is found. In the future we may want to revisit this if .nat.domain or .nat.address fields become available. (cherry picked from commit b24ed97)
…es (#18525) (#18533) PANW pipeline was mapping:
- Bytes sent to client/destination bytes.
- Bytes received to server/source bytes.
- Packets sent to server/destination packets.
- Packets received to client/source packets.
All of these mappings are wrong. The correct mapping is:
- Bytes sent to client/source bytes.
- Bytes received to server/destination bytes.
- Packets sent to client/source packets.
- Packets received to server/destination packets.
Also adding some missing ECS mappings in the process. Fixes #18522 (cherry picked from commit 463a52a)
… ingress_controller (#18569) * Fix source.address not being set for nginx ingress_controller Signed-off-by: chrismark <[email protected]> Co-authored-by: chendo <[email protected]> (cherry picked from commit 8e29ab7)
…kets (#18603) The O365 Management API is generating some events that contain a `ClientIP` / `ClientIPAddress` field consisting of an IPv4 address enclosed in square brackets. This is breaking ingestion of those events as the brackets are only stripped for IPv6 addresses.
> "ClientIP": "[10.11.12.13]:12345"
This patch adds support for IPv4 enclosed in brackets and a few other edge cases. Fixes #18587 (cherry picked from commit eaf196d)
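The two ingestion failures described in the asa-ftd and O365 commits above share one root cause: a source/client address field is copied into an ECS `ip` field without first checking that the value really is an IP address, so a hostname or a bracketed IPv4 literal breaks the pipeline. The following added example (not code from the beats project; the pipelines there are Elasticsearch ingest processors, not Python) shows the normalisation the two messages call for in one place: strip brackets for both IPv4 and IPv6, split off a trailing port, and only populate `source.ip` / `source.port` when the host part parses as an address. The sample values, the `parse_client_ip` and `enrich_event` names and the flat `source.ip` / `source.port` keys are constructed for the example; only the `[10.11.12.13]:12345` value is quoted from the commit message.

```python
import ipaddress
import re
from typing import Optional, Tuple

# Constructed sample values modelled on the shapes the commit messages describe.
# "[10.11.12.13]:12345" is the one quoted in the O365 commit; the rest are assumptions.
SAMPLE_VALUES = [
    "[10.11.12.13]:12345",   # bracketed IPv4 with port (the failing O365 case)
    "[2001:db8::1]:443",     # bracketed IPv6 with port (the case that already worked)
    "10.11.12.13",           # bare IPv4
    "10.11.12.13:8080",      # bare IPv4 with port
    "2001:db8::1",           # bare IPv6
    "[2001:db8::1]",         # bracketed IPv6, no port
    "mail.example.test",     # hostname: must NOT be written into an ip field
    "",                      # empty value
]

# "[host]" optionally followed by ":port"; host may be IPv4 or IPv6.
_BRACKETED = re.compile(r"^\[(?P<host>[^\]]+)\](?::(?P<port>\d{1,5}))?$")
# Unbracketed IPv4 with a port. Unbracketed IPv6 is ambiguous with a port,
# so it is only accepted without one.
_V4_PORT = re.compile(r"^(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})$")


def parse_client_ip(raw: str) -> Optional[Tuple[str, Optional[int]]]:
    """Return (ip, port) for a ClientIP-style value, or None if it is not an IP.

    port is None when the value carries no port. Hostnames, empty strings and
    out-of-range ports all yield None so the caller leaves the ip field unset.
    """
    value = raw.strip()
    port: Optional[str] = None
    m = _BRACKETED.match(value)
    if m:
        host, port = m.group("host"), m.group("port")
    else:
        m = _V4_PORT.match(value)
        if m:
            host, port = m.group("host"), m.group("port")
        else:
            host = value
    try:
        # ipaddress.ip_address accepts both IPv4 and IPv6 and rejects hostnames.
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    if port is None:
        return (str(ip), None)
    port_num = int(port)
    if not 0 <= port_num <= 65535:
        return None
    return (str(ip), port_num)


def enrich_event(event: dict) -> dict:
    """Copy of event with source.ip / source.port set only when ClientIP parses.

    Mirrors the asa-ftd fix: a field that is not a valid IP is left alone
    instead of being copied into an ip-typed field and failing the ingest.
    """
    out = dict(event)
    parsed = parse_client_ip(str(event.get("ClientIP", "")))
    if parsed is None:
        return out
    ip, port = parsed
    out["source.ip"] = ip
    if port is not None:
        out["source.port"] = port
    return out


if __name__ == "__main__":
    for value in SAMPLE_VALUES:
        print(f"{value!r:25} -> {parse_client_ip(value)}")
```

Running the block prints one line per constructed sample; the hostname and empty values map to `None`, and `enrich_event` leaves `source.ip` unset for them rather than failing.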
* Preserve case of http.request.method ECS previously specified normalizing http.request.method to lowercase. This resulted in the loss of information. Affects filesets from the following versions:
- apache/access (7.7 - 7.8)
- elasticsearch/audit (7.7 - 7.8)
- iis/access (7.7 - 7.8)
- iis/error (7.7 - 7.8)
- nginx/access (7.8)
- nginx/ingress_controller (7.8)
- aws/elb (7.7 - 7.8)
- suricata/eve (7.4 - 7.8)
- zeek/http (7.8)
Closes #18154 (cherry picked from commit 87c3ad3)
…ric into compute googlecloud
botelastic bot added the needs_team (Indicates that the issue/PR needs a Team:* label) and Team:Automation (Label for the Observability productivity team) labels and removed the needs_team label on May 28, 2020
Cherry-pick of PR #18802 to 7.x branch. Original message:
This PR is to add 4 memory metrics (only for e2 family VMs) into the googlecloud compute metricset and also adds the missing network.sent_packets_count metric.